Managing Network Security
EPICenter Concepts and Solutions Guide
Example: Setting the Service Type for a Built-in EPICenter Role
If you plan to use an external RADIUS server to authenticate EPICenter users, but you do not want to
configure your RADIUS server with a VSA to pass role information, then you must configure your
RADIUS server’s “Service type” attribute (in the Remote Access Policy for the users who should
have access to EPICenter) to specify the type of EPICenter user to be authenticated, as follows:
● For users with an Admin role, set the Service type = 6
● For users with a Manager role, set the Service type = 5
● For users with a Monitor role, set the Service type = 1
● To disable authentication, set the Service type to “Disabled”
If you do not change from the default (which is to disable authentication), no EPICenter users will be
able to authenticate.
If you set this Service Type in your standard Remote Access Policy, only one type of user can be
authenticated using this method. To allow the authentication of multiple types of EPICenter users,
follow the instructions in the previous section, “Example: Setting up a VSA to Return EPICenter Role
Information” or see the detailed example in Appendix D, “Configuring RADIUS for EPICenter
Authentication”.
Securing Management Traffic
Management traffic between a management application like EPICenter and the managed network
devices can reveal confidential information about your network if this traffic is transmitted in the clear.
Two approaches to encrypting this traffic are managing the network products using SNMPv3, or
accessing the network product directly using SSH.
Using SNMPv3 for Secure Management
SNMPv3 is a series of RFCs (RFC 2273 through RFC 2275) defined by IETF to provide management
capabilities that guarantee authentication, message integrity, and confidentiality of management traffic.
SNMPv3 includes the option to encrypt traffic between the agent (residing on the network device) and
the management application (EPICenter). This prevents unauthorized eavesdropping on sensitive
management data.
The EPICenter Inventory Manager can discover SNMPv3 devices in your enterprise network. Click on
the Discover button to set the discovery options for building an inventory of your network. Select the
SNMPv3 discovery checkbox to add SNMPv3-enabled devices to your inventory.
You can also add a device to the Inventory Manager, manually entering the SNMPv3 settings for the
device. This includes the authentication and privacy settings for SNMPv3 and the passwords.